Law enforcement agencies are planning to use electronic surveillance laws intended to give government bodies access to communications data held by Internet service providers (ISPs) to obtain businesses records of visitors to firms' Web sites.
The warning comes as an international report singled out the UK as having laws which undermine the rights of individuals to electronic privacy. The report, published by the US-based Electronic Privacy Information Centre, and UK body Privacy International, claimed that the Data Protection Act has done little to limit the growth of surveillance, particularly since the 11 September terrorist attacks.
IT security experts attending a conference at the London School of Economics to launch the report said surveillance laws, such as the Regulation of Investigatory Powers Act and the Anti-Terrorism, Crime and Security Act, will have a direct impact on IT directors.
Richard Clayton, spokesman for the Foundation for Information Policy Research, said, "The police have belatedly realised that the communications traffic they are looking for is not held by ISPs.
"They want logs to find out who has been buying flight tickets from Web bucket-shops, for example. They have been working on the assumption that the ISPs have the Web logs - they don't, the online companies do."
Clayton advised IT directors to take advice now, so they know what their rights are and how they should respond if they receive a request for data.
"You should look hard at the data you are keeping and ask yourself whether there is a business need for it. If you do not need it, you are breaching the Data Protection Act if you keep it. But you also risk finding yourself coerced to disclose it," he said.